CVE-2017-7804

The destructor function for the "WindowsDllDetourPatcher" class can be re-purposed by malicious code in concert with another vulnerability to write arbitrary data to an attacker controlled location in memory. This can be used to bypass existing memory protections in this situation. Note: This attack only affects Windows operating systems. Other operating systems are not affected. This vulnerability affects Thunderbird < 52.3, Firefox ESR < 52.3, and Firefox < 55.

Published: Jun 11, 2018
Updated: Apr 13, 2023
CVE: CVE-2017-7804
Severity: High
Exploit:

CVSS v3:

Severity: High
Score: 7.5
AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

CVSS v2:

Severity: Medium
Score: 5
AV:N/AC:L/Au:N/C:N/I:P/A:N

CWEs:

CWE-20

Affected Software
References

Software	From	Fixed in
mozilla / firefox	-	55.0
mozilla / firefox_esr	-	52.3.0
mozilla / thunderbird	-	52.3.0

http://www.securityfocus.com/bid/100234
http://www.securitytracker.com/id/1039124
https://bugzilla.mozilla.org/show_bug.cgi?id=1372849
https://www.mozilla.org/security/advisories/mfsa2017-18/
https://www.mozilla.org/security/advisories/mfsa2017-19/
https://www.mozilla.org/security/advisories/mfsa2017-20/

Vulnerability Database

290,206

CVE-2017-7804